detailed cookies list plugin h5p

Submitted by marina.bosco on Fri, 03/11/2022 - 12:26
marina.bosco's picture
Forums: 
General discussion

Hi

I work at University of Turin, Italy, and I need a technical and concise cookie list (plugin H5P)  with details (Category, cookie name, service duration, description/purpose) in order to complete the information about Privacy of our Moodle platforms that contain the plugin H5P (apart from core).

Can you help me? Where can i find these informations?

Thanks in advance

Marina Bosco

 

 

otacke's picture

otacke

Fri, 03/11/2022 - 13:39

Hi Marina!

I think the H5P plugins and the H5P core libraries do not use cookies at all.

There may be content types such as Interactive Video that work with cookies if you use YouTube videos - but those will be cookies set by YouTube, not by H5P.

Best,
Oliver

Daniel909

Fri, 04/29/2022 - 15:16

Hi

We have a cookie on our website called H5PUserUUID. It was discovered on a webpage that uses H5P when we did a cookie scan with Termly. Termly is a cookie consent plugin for Wordpress. An example value for the cookie is: 9669a71d-94db-431d-88b5-3f358cec8622

The H5P on the webpage seems to work okay even when the you decline the cookie.

Does this cookie comes from the H5P Wordpress plugin? If so, what is it's function?

Thank you.

otacke's picture

otacke

Fri, 04/29/2022 - 21:37

Hi Daniel!

The "H5PUserUUID" is not a cookie, but an entry in the browser's Local Storage. While functionality can be similar, the difference is that cookies can be read by any site which can allow cross-site tracking of users. This is not possible with entries in Local Storage, because only the site that set the entry can read it.

The "H5PUserUUID" is a random id set in local Storage if a user is lot logged in, but he or she uses H5P content that sends out xAPI statements (I am simplifying here: results). This allows those platform hosts who use the xAPI statements to at least assign xAPI statements (results) to the same user although hosts do not gain any other information about that user. So, that "H5PUserUUID" is merely useful for knowing that someone who is not logged in has been using multiple H5P contents. If the host is not evaluating the xAPI statements (which is the default), then the "H5PUserUUID" does absolutely nothing.

The relevant code is at https://github.com/h5p/h5p-php-library/blob/f6fef74651264dfad4c22c290d730ae96b7ee20a/js/h5p-x-api-event.js#L193-L224 if you want to confirm the behavior yourself.

Best,
Oliver

 

Daniel909

Tue, 05/03/2022 - 15:50

Hi Oliver

Many thanks for your reply and explanation about the H5PUserUUID.

Best wishes

Daniel

 

otacke's picture

otacke

Tue, 05/03/2022 - 22:25

Hey Daniel!

Thanks for saying thanks :-)

Best,
Oliver